CN104298519A - Apparatus for configuring operating system and method therefor - Google Patents
Apparatus for configuring operating system and method therefor Download PDFInfo
- Publication number
- CN104298519A CN104298519A CN201410342507.5A CN201410342507A CN104298519A CN 104298519 A CN104298519 A CN 104298519A CN 201410342507 A CN201410342507 A CN 201410342507A CN 104298519 A CN104298519 A CN 104298519A
- Authority
- CN
- China
- Prior art keywords
- system resource
- application program
- resource
- access
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/22—Microcontrol or microprogram arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
Abstract
Disclosed are an apparatus and a method for configuring an operating system. The apparatus for configuring the operating system may comprise a system resource management part managing system resources by assigning control permission for system resources which interwork with the operating system to a first domain of the operating system; and a system operation part executing an application program in a second domain of the operating system which is independent from the first domain by utilizing the system resources managed by the system resource management part. Therefore, performance of the operating system may be enhanced while supporting high security of the operating system, so that reliability of the operating system can also be enhanced.
Description
Require right of priority
This application claims the right of priority of the Korean Patent Application No. 10-2013-0084601 submitted to Korean Intellectual Property Office (KIPO) on July 18th, 2013, its full content is incorporated to herein by reference at this.
Technical field
The present invention relates to a kind of operating system, particularly relate to a kind of for passing through the differentiation territory of operating system thus the apparatus and method of configuration operation system, and then ensure the reliability of operating system.
Background technology
Operating system (OS) is system software, its hardware by control and management such as memory device, processor device, input-output apparatus, the network equipment etc. and system resource, provide the signal conditioning package of the environment with service routine easily to user.
Operating system comprises kernel, and can perform for the function of hardware management or system resource and the function for effectively running application effectively based on system resource.
At this, according to the type of its block configuration, inside endorse and be divided into single kernel (monolithic kernel) and micro-kernel (micro kernel).
In list in caryogram operating system, the repertoire of operating system realizes in identical address space as individual module.
Fig. 1 explains the explanatory view with the conventional operating systems of single interior kernel mode realization.
With reference to Fig. 1, the operating system 100 of single interior kernel mode is used to comprise: resource allocation manager 110, the distribution of its management resource; Resource release manager 120, the release of its management resource; With resource access manager 130, the access of the resource of its management in individual module, thus management of system resource 140.
Therefore, the management of system resource 140 that requires of application programs and to using the operation of application program of system resource 140 can carry out in identical address space.
This being configured in of operating system is preferred at present, because it can improve the performance of operating system 100.
But, because the function for management of system resource 140 is carry out in identical address space with the function for running application, if part operation system failure, serious problems can be there are in the entire system.Therefore, it has the shortcoming of fragile safety and reliability problem.
Therefore, someone proposes micro-kernel.In micro-kernel type operating system, kernel is minimized, and to make the minimum function of operating system realize in kernel, remaining function of operating system performs in the user model of kernel outside.Compared with single kernel, micro-kernel can have the advantage of the safety and reliability improving operating system.
Fig. 2 is the explanatory view of the conventional operating systems that explanation realizes in micro-kernel mode.
With reference to Fig. 2, in the operating system 100 using micro-kernel mode, the module of each Function implementation to operating system 100, and provide independently address space to each module.
Such as, can to the resource 141 relevant to the functional module of function #3 and and each of the functional module of the function #4 resource 143 of being correlated with independently address space is provided.
Therefore, such as, in order to make application program connecting system resource, can require to include the intermodule communication of multi-step, wherein application program is to file system module transmission request, and then file system module is to memory storage driver module transmission request.
According to the function of operating system because operating system this configuration provides independently address space, in the module of the specific function of executive operating system wherein, produced problem can not affect whole system.Therefore, compared with single kernel, micro-kernel can have the advantage of safety and reliability.
But, because each function of operating system performs independently of one another, need multi-step intermodule communication, therefore can reduce the performance of operating system.
Summary of the invention
Therefore, provide exemplary embodiment of the present invention substantially to get rid of limitation in correlation technique and one or more problems caused by solving.
Exemplary embodiment of the present invention provides a kind of device for configuration operation system, and it forms operating system by the micro-kernel mode combining conventional single interior kernel mode and routine, supports high-performance and high security to make operating system simultaneously.
Exemplary embodiment of the present invention additionally provides a kind of method for configuration operation system, by running the operating system that has for management of system resource and the independent domains for executive utility, described method can improve the reliability of operating system while management of system resource effectively.
In some exemplary embodiments, the device for configuration operation system can comprise: the system resource management parts in the first territory of operating system, and it carrys out management of system resource by controlling license to the system resource allocation mutual with operating system; With the Dynamic System parts in the second territory of the operating system independent of the first territory, it is by using by the system resource executive utility of system resource management component management.
In addition, the first territory and the second territory realize discriminably in the independently territory of single kernel, and perform independently function.
In addition, system resource management parts can comprise resource distribution module, its system resource needed for dispensing applications program, and produce application program identifying information and to the information of system resource being assigned to application program.
At this, system resource management parts can comprise access (access) control information database, it receives the identifying information of application program and the information to system resource, by producing Access Control information by the information MAP of system resource to the mode of the identifying information of application program, and store the Access Control information produced.
At this, system resource management parts can comprise resource release module, the request of response application program is with free system resources, based on the Access Control information be stored in Access Control information database, in described resource release module Access Control information database, delete the information to system resource of the identifying information corresponding to application program.
At this, system resource management parts can comprise resource access (access) module, the request of response application program is with connecting system resource, based on the Access Control information be stored in Access Control information database, described resource access module carrys out the access in control system resource by the mode checking the information to system resource of identifying information corresponding to application program and whether be present in Access Control information database.
In addition, system resource management parts can be the scheduling feature of the order performed for determining the process (processes) forming application program.
In addition, Dynamic System parts carry out executive utility by using the access address of the system resource be allowed to by the access of virtual application program thereon and the system resource produced.
In addition, system resource can comprise at least one in the input-output apparatus of executive utility, memory device and computing equipment.
In another exemplary embodiment, the method for configuration operation system can comprise: carry out management of system resource by the mode controlling to permit to the system resource allocation mutual with the operating system in the first territory of operating system; And carry out executive utility by utilizing independent of the system resource in second territory in the first territory.
In addition, described management of system resource and executive utility carry out discriminably in the first territory of single kernel and the second territory.
At this, in management of system resource, can system resource needed for dispensing applications program, and the Access Control information by producing to application program the information MAP of the system resource being assigned to application program can be stored.
In addition, in management of system resource, the request of response application program, with connecting system resource, based on the Access Control information stored, can determine whether the access of the application program of the system resource to the access of request applications is thereon allowed to.
In addition, in management of system resource, the request of response application program, with free system resources, based on the Access Control information stored, can delete the information to system resource of the identifying information corresponding to application program.
In addition, in management of system resource, the scheduling feature of the order for determining the process forming application program can be performed.
In addition, in executive utility, the system resource of the access of application program can be allowed thereon and the access address of system resource that produces carrys out executive utility by using by virtual.
According to the device and method for configuration operation system based on the embodiment of the present invention as above, by conjunction with kernel mode in existing list and micro-kernel mode, while the performance of operating system can be improved, support high security.
In addition, because be separated the function of management of system resource and use the function of application program and formed, so the integrality to system resource can be ensured, thus the reliability to operating system can be improved.
Accompanying drawing explanation
Describe exemplary embodiment of the present invention in conjunction with the drawings in detail, exemplary embodiment of the present invention will become more apparent, wherein:
Fig. 1 explains the example view with the operating system of the routine of single interior kernel mode realization;
Fig. 2 is the example view of the operating system of the routine that explanation realizes in micro-kernel mode;
Fig. 3 is the block diagram of the device illustrated for configuring the operating system according to exemplary embodiment of the present invention;
Fig. 4 is the example view of the operation of the device explained for configuring the operating system according to exemplary embodiment of the present invention;
Fig. 5 explains the example view according to the Access Control information of exemplary embodiment of the present invention;
Fig. 6 is the process flow diagram of the method explained for the operating system according to exemplary embodiment of the present invention configured; And
Fig. 7 is the process flow diagram of the method for the access explained for controlling the application program to system resource in exemplary embodiment according to the present invention.
Embodiment
Disclosed herein is exemplary embodiment of the present invention.But, ad hoc structure disclosed herein and function detail only represent the object for describing exemplary embodiment of the present invention, and exemplary embodiment of the present invention can embody with many alternative forms and should not be construed as is restriction to the exemplary embodiment of the present invention proposed at this.
Therefore, the present invention easily makes the form of various correction and replacement, will describe its specific embodiment in detail at this for accompanying drawing.But, should be appreciated that, not limit the invention to disclosed concrete form, on the contrary, present invention covers all corrections fallen in the spirit and scope of the invention, equivalent and change.Run through the description of accompanying drawing, identical mark represents identical element.
Term used herein only for describing specific embodiment, and is not intended to limit the present invention.Unless context explicitly points out, such as singulative used herein " (a) ", " one (an) " and " described (the) " are also intended to comprise plural form.Further, term used herein " by ... composition ", " consisting of ", " comprising " and/or " having " etc., indicate the existence of described feature, entirety, step, operation, element and/or parts, but do not get rid of one or more further features, entirety, step, operation, element, the existence of parts and/or their combination or additional.
Unless done other definition, all terms (comprising technology and scientific terminology) used herein have had identical implication with the common understanding of technical field technician belonging to the present invention.It is further understood that, those terms defined in such as common dictionary should be interpreted as having the consistent implication of implication with it in association area context, except not here has been done clearly to define, it should not make an explanation with Utopian or excessively formal implication.
By the apparatus and method being used for configuration operation system according to exemplary embodiment of the present invention explained in the following description, can such as computing machine, smart phone, panel computer, server etc. comprise application program, operating system and hardware for the operating system of signal conditioning package in perform.
At this, based on system resource, the function that operating system (OS) can perform the hardware needed for executive utility or the system resource effectively managed for performing between application program and the hardware of such as input-output apparatus, the network equipment, computing equipment, memory device etc. and the function effectively run application.But the function of operating system is not limited to above-mentioned example.
In addition, operating system comprises kernel.According to its configuration, inside endorse and be divided into single kernel and micro-kernel.
At this, in list in caryogram operating system, all functions of operating system perform in identical address space as individual module, thus can improve the performance of operating system.On the contrary, in micro-kernel type operating system, each in all functions of operating system as independently module execution, and provides independently address space to each module.Therefore, in micro-kernel type operating system, the performance relevant to safety and reliability can be improved.
Application program can represent all software that can perform in an operating system and use signal conditioning package to be write the application program of the particular requirement meeting user by the user interface provided by operating system.
In addition, system resource can comprise at least one in the hardware of such as input-output apparatus, memory device and computing equipment for performing the application program mutual with operating system.
At this, input-output apparatus can represent that the user interface by being provided by operating system can accept the hardware unit of the such as mouse of the execution request of the application programs from user, light pen, keyboard and touch-screen, and represents the hardware unit that can provide the such as printer of the implementation of application program and result, monitor and loudspeaker to user.But input-output apparatus is not limited to above-mentioned example.
In addition, computing equipment can comprise the central processing unit (CPU) of coding of process application program, graphic process unit (GPU) and GPU general-purpose computations (GPGPU).
In addition, memory device can comprise and is embedded in buffering in computing equipment and buffer memory, static random access memories (SRAM), Dynamic Random Access Memory (DRAM), ROM (read-only memory) (ROM) and flash memory.But memory device is not limited to above-mentioned example.
Hereinafter, will explain in detail according to a preferred embodiment of the invention by referring to accompanying drawing.
Fig. 3 is the block diagram of the device illustrated for configuring the operating system according to exemplary embodiment of the present invention.
With reference to Fig. 3, the device 300 for configuration operation system can comprise system resource management parts 310 and Dynamic System parts 360.
Device 300 for configuration operation system can run in the operating system of configuration information treating apparatus, the territory being used for operational system resource management and the territory performed that is used for running application can be separated.
At this, application program can represent all software that can perform in an operating system and the application program being met particular requirement by writing being used signal conditioning package by the user interface provided by operating system.But application program is not limited to above-mentioned example.
The system resource that system resource management parts 310 ALARA Principle is mutual with the operating system in the first territory in operating system.
In addition, Dynamic System parts 360 can perform independent of the application program in second territory in the first territory by utilizing the system resource that be managed by system resource management parts 310.
At this, the first territory and the second territory can be run as the independently territory of single kernel, thus perform function independent of each other.
Especially, the function of management of system resource and the function for executive utility is used for, by using the single interior kernel mode with better performance and the micro-kernel mode configuration operation system of module being separated according to their function by running independently in the first territory and the second territory.
Therefore, the device 300 for configuration operation system can realize the operating system simultaneously supporting single interior better performance of kernel mode and the security of system of micro-kernel mode.
Can by the control license of system resource management parts 310 points pairing system resource, system resource management parts 310 can control the access of system resource.
System resource management parts 310 can comprise resource distribution module 320, resource release module 330, resource access module 340 and Access Control information database 350.
The system resource allocation that application program can require by resource distribution module 320 is to application program, and the identifying information producing application program and the information be assigned in the system resource of application program.
Now, the information in the identifying information of application program produced when the system resource required when application program is assigned with and system resource is provided to Access Control information database 350.Access Control information database 350 can record the Access Control information produced by the identifying information of application program is mapped to the information in system resource.
When application requests free system resources, based on the Access Control information be stored in Access Control information database, resource release module 330 can delete information in the system resource corresponding to the identifying information of application program.
At this, free system resources can represent that the use of completion system resource in the application or operating system recovery system resource are to perform the application program that other have higher priority.But, be not limited to foregoing description.
When the access of the specific system resource of application requests, based on the Access Control information be stored in Access Control information database, resource access module 340 can by checking that in the system resource corresponding to the identifying information of application program, whether information exists, and controls the access of particular system resource.
Such as, if the information corresponded in the system resource of the identifying information of application program is present in Access Control information database, the access in the system resource of application requests can be allowed to.
In addition, system resource management parts 310 can perform the scheduling of the priority of the process for executive utility.
At this, scheduling can represent the resource management function of operating system, its control system load thus realize multiprogramming by the order of the suitably use of regulating system resource and the operator precedence level of process.
That is, in the function of operating system, based on the access authority of system resource, system resource management parts 310 can perform for management of system resource and control the function of the access in system resource.
At this, system resource can comprise for by with at least one in the input-output apparatus of operating system and executive utility, memory device and computing equipment.In addition, system resource can be included in the network equipment communicated between equipment, process or signal conditioning package further.
Except the resource management function performed in system resource management parts 310, the repertoire of operating system can perform in Dynamic System parts 360.
Especially, by the virtual system resource allowing the access of application program thereon, Dynamic System parts 360 can produce the access address for particular system resource, thus it can control the access of the application program in system resource.
The access address of particular system resource can represent that the access of application program is thereon allowed to the logical address of the particular system resource used by application program.
At this, because actual system resource can not be accessed by using the logical address of system resource, by using the address converting device of such as storage manager (MMU), the logical address of system resource can be converted into the physical address of system resource, thus access real system resource.
Fig. 4 is the example view of the operation of the device explained for configuring the operating system according to exemplary embodiment of the present invention, and Fig. 5 explains the example view according to the Access Control information of exemplary embodiment of the present invention.
With reference to Fig. 4 and Fig. 5, executive utility can be carried out by management of system resource 140 for the device 300 configuring the operating system comprising system resource management parts 310 in operating system 100 and Dynamic System parts 360.
At this, based on the access authority of the system resource in the function of operating system, system resource management parts 310 can perform for management of system resource and the function of access in control system resource.
In addition, except the resource management function performed in system resource management parts 310, the repertoire of operating system can perform in Dynamic System parts 360.
When application requests distributing system resource 140, the system resource 140 that application program requires can be assigned to application program by the resource distribution module 320 of system resource management parts 310, and information in the identifying information producing application program and the system resource being assigned to application program.
As shown in Figure 5, based on the identifying information of application program and in resource distribution module 320 produce system resource on information, by the identifying information of application program being mapped to the information in the system resource of corresponding application program requirement, Access Control information can be recorded in Access Control information database.
At this, the identifying information of application program can comprise unique identifier or the unique identifier of application program, and the information in system resource can represent the physical address of system resource.But the implication of information is not limited to above-mentioned example.
That is, Access Control information can be recorded in form unique identifier or unique identifier mated with the physical address of system resource.
Now, by the virtual system resource being assigned to application program, Dynamic System parts 360 carry out executive utility by the access address producing system resource.
At this, the access address 361 of system resource can represent that the access of application program is thereon allowed to the logical address of the system resource used by application program.
Such as, if application program attempts the logical address connecting system resource by using system resource, by the address converting device of the such as storage manager (MMU) in system resource management parts 310, the logical address of system resource can be converted into the physical address of system resource, thus can control the access in real system resource 140.
Therefore, by checking whether the information in the system resource of the identifying information corresponding to application program is present in Access Control information database, the resource access module 340 in system resource management parts 310 can control the access in the system resource of the identifying information corresponding to application program.
If application requests free system resources 140, the resource release module 330 of system resource management parts 310 can be deleted corresponding to the information in the system resource of the identifying information of the application program in the Access Control information be recorded in Access Control information database 350.
At this, free system resources can represent that the use of completion system resource in the application or operating system recovery system resource are to perform the application program that other have higher priority.
Fig. 6 is the process flow diagram of the method explained for the operating system according to exemplary embodiment of the present invention configured.
With reference to Fig. 6, described method can comprise: step S100, by the system resource that the first territory management of operating system is mutual with operating system; With step S200, by the second territory of operating system, by utilizing system resource executive utility.
At this, the step S100 for management of system resource and the step S200 for executive utility can carry out in the independent domains of single kernel.
That is, in the present invention, operating system is by using single kernel with better performance to configure substantially.In addition, the function of management of system resource and the function of executive utility can perform in the independent domains comprising the first territory and the second territory, thus the advantage of the micro-kernel improving security of system can be incorporated into operating system.
Therefore, the operating system simultaneously can supporting the excellent properties of single kernel and the security performance of micro-kernel can be performed.
Can the system resource that requires of dispensing applications program, and can by by the information MAP in the system resource of distribution, to the application program of correspondence, the Access Control information that produces be recorded in the step S100 of management of system resource.
In addition, when access in application requests system resource, based on Access Control information, can check whether application program has the access authority in system resource.
Therefore, if the information corresponded in the system resource of the identifying information of application program exists, then the access of the application program in system resource can be allowed to.
When the release of application requests system resource, based on Access Control information, can be deleted corresponding to the information in the system resource of the identifying information of application program.
Now, the release of system resource can represent and completes the use of system resource or operating system recovery system resource to perform the application program that other have higher priority in application program.But, be not limited to above-mentioned exemplary implication.
The step S100 of management of system resource can provide the scheduling feature determined for the order of the process of executive utility.
At this, scheduling can represent the resource management function of the operating system of control system load, thus realizes multiprogramming by the order of the suitably use of regulating system resource and the operator precedence level of process.
By being used in the system resource of the first territory management, can in independent of second territory in the first territory executive utility (S200).
Especially, the system resource that the access of application program is thereon allowed to can be virtualized by producing the access address of system resource.Executive utility can be carried out by using access address.
At this, the access address of system resource can represent that the access of application program is thereon allowed to the logical address of the system resource used by application program.
Fig. 7 is the process flow diagram of the method for the access explained for controlling the application program in the system resource of exemplary embodiment according to the present invention.
With reference to Fig. 7, when access in application requests system resource (S300), the access (S400) in control system resource can be carried out by the access authority of the application program in check system resource.
Such as, application program can by using the access (S300) in the logical address request system resource of system resource.
Now, the physical address by using the address converting device of the storage manager of such as system resource management parts 310 (MMU) logical address of system resource can be converted to system resource.
Therefore, based on pre-recorded Access Control information, can check whether to exist (S400) corresponding to the information in the system resource of the identifying information of application program.
At this, pre-recorded Access Control information can be the information that the information MAP in the system resource by application program being required records to the identifying information of corresponding application program.
At this, the identifying information of application program can comprise unique identifier or the unique identifier of application program, and the information in system resource can represent the physical address of system resource.But the implication of information is not limited to above-mentioned example.
Therefore, if the information corresponded in the system resource of the application program requirement of the identifying information of application program is present in Access Control information database, the access of the application program in system resource can be allowed to (S410).
On the contrary, if the information corresponded in the system resource of the application program requirement of the identifying information of application program is not present in Access Control information database, the access of the application program in system resource can be rejected (S420).
According to the above-mentioned apparatus and method for configuring the operating system according to exemplary embodiment of the present invention, by combining conventional single interior kernel mode and conventional micro-kernel mode, the performance of operating system can be improved while supporting high security.
In addition, the function due to the system resource for MOS and the function for operating application program are configured independently, and ensure that the integration of system resource thus can improve the reliability of operating system.
Although describe exemplary embodiment of the present invention and their advantage in detail, should be appreciated that and can make various amendment, replacement and change to the present invention without departing from the scope of the invention.
Description of reference numerals:
100: operating system 110: resource allocation manager
120: resource release manager 130: resource access manager
140: system resource 141: resource
143: resource 300: for the device of configuration operation system
310: system resource management parts 320: resource distribution module
330: resource release module 340: resource access module
350: Access Control information database 360: Dynamic System parts
361: the access address of system resource
Claims (16)
1., for a device for configuration operation system, described device comprises:
System resource management parts, it is arranged in the first territory of operating system, and passes through point control license of the system resource that pairing is mutual with operating system and management of system resource; With
Dynamic System parts, it is located in the second territory independent of the operating system in the first territory, and by using by the system resource of system resource management component management executive utility.
2. device according to claim 1, wherein, described first territory and the second territory realize respectively in the independently territory of single kernel, and perform independently function.
3. device according to claim 1, wherein, described system resource management parts comprise:
Resource distribution module, the system resource that its dispensing applications program requires, and produce application program identifying information and to the information of system resource being assigned to application program.
4. device according to claim 3, wherein, described system resource management parts comprise:
Access Control information database, described Access Control information database receives the identifying information of application program and the information to system resource; And by producing Access Control information by the information MAP of system resource to the identifying information of application program, and store the Access Control information of generation.
5. device according to claim 4, wherein, described system resource management parts comprise:
Resource release module, the request of response application program is with free system resources, based on the Access Control information be stored in Access Control information database, described resource release module deletes the information to system resource of the identifying information corresponding to application program in Access Control information database.
6. device according to claim 4, wherein, described system resource management parts comprise:
Resource access module, the request of response application program is with connecting system resource, based on the Access Control information be stored in Access Control information database, described resource access module is by checking whether the information to system resource of the identifying information corresponding to application program is present in Access Control information database the access controlled system resource.
7. device according to claim 1, wherein, described system resource management parts perform the scheduling feature of the order for determining the process forming application program.
8. device according to claim 1, wherein, described Dynamic System parts are by using the access address of the system resource be allowed to by the access of virtual application program thereon and the system resource produced and executive utility.
9. device according to claim 1, wherein, described system resource comprises at least one in the input-output apparatus of executive utility, memory device and computing equipment.
10., for a method for configuration operation system, described method comprises:
By controlling to permit and the step of management of system resource to the system resource allocation mutual with the operating system in the first territory of operating system; And
By utilizing independent of the system resource in second territory in the first territory the step of executive utility.
11. methods according to claim 10, wherein, described management of system resource and described executive utility carry out respectively in the first territory of single kernel and the second territory.
12. methods according to claim 10, wherein, the feature of described management of system resource is, the system resource that dispensing applications program requires, and stores the Access Control information by producing to application program the information MAP of the system resource being assigned to application program.
13. methods according to claim 12, wherein, the feature of the step of described management of system resource is, the request of response application program is with connecting system resource, based on the Access Control information stored, determine whether the access of the application program of the system resource to the access request having application is thereon allowed to.
14. methods according to claim 12, wherein, the feature of the step of described management of system resource is, the request of response application program is with free system resources, based on the Access Control information stored, delete the information to system resource of the identifying information corresponding to application program.
15. methods according to claim 10, wherein, the feature of the step of described management of system resource is, performs the scheduling feature of the order for determining the process forming application program.
16. methods according to claim 10, wherein, the feature of the step of described executive utility is, by using the access address of the system resource be allowed to by the access of virtual application program thereon and the system resource produced and executive utility.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR10-2013-0084601 | 2013-07-18 | ||
| KR1020130084601A KR101535792B1 (en) | 2013-07-18 | 2013-07-18 | Apparatus for configuring operating system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104298519A true CN104298519A (en) | 2015-01-21 |
| CN104298519B CN104298519B (en) | 2018-04-24 |
Family
ID=51229798
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410342507.5A Active CN104298519B (en) | 2013-07-18 | 2014-07-18 | For configuring the devices and methods therefor of operating system |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US9684525B2 (en) |
| EP (1) | EP2827246A1 (en) |
| JP (1) | JP5976046B2 (en) |
| KR (1) | KR101535792B1 (en) |
| CN (1) | CN104298519B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20160141476A (en) * | 2015-06-01 | 2016-12-09 | 엘지전자 주식회사 | Mobile terminal |
| CN106713388B (en) * | 2015-11-13 | 2021-03-30 | 创新先进技术有限公司 | Burst service processing method and device |
| US10305209B2 (en) * | 2016-02-26 | 2019-05-28 | Amphenol Fci Asia Pte Ltd | Electrical connector and method of assembling the same |
| KR102111991B1 (en) * | 2018-08-17 | 2020-05-18 | 주식회사 한컴엠디에스 | Apparatus and Method for Managing Resource of OS System |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030009685A1 (en) * | 2001-06-29 | 2003-01-09 | Tse-Huong Choo | System and method for file system mandatory access control |
| US20080104695A1 (en) * | 2004-12-09 | 2008-05-01 | Jean-Philippe Fassino | Device and Method for Controlling Access, Core with Components Comprising Same and Use Thereof |
| US7509639B2 (en) * | 2003-03-04 | 2009-03-24 | Secure64 Software Corp. | Customized execution environment |
| CN102567176A (en) * | 2010-12-16 | 2012-07-11 | 微软公司 | Kernel awareness of physical environment |
Family Cites Families (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6487547B1 (en) * | 1999-01-29 | 2002-11-26 | Oracle Corporation | Database appliance comprising hardware and software bundle configured for specific database applications |
| KR100406532B1 (en) | 1999-07-26 | 2003-11-20 | 주식회사 케이티 | An operating system implementation method for embedded systems |
| US8024742B2 (en) * | 2003-09-30 | 2011-09-20 | Jaluna S.A. | Common program for switching between operation systems is executed in context of the high priority operating system when invoked by the high priority OS |
| GB2453284A (en) * | 2004-04-02 | 2009-04-01 | Symbian Software Ltd | Mechanism for notifying a kernel of a thread entering a critical section. |
| US7721298B2 (en) | 2004-12-03 | 2010-05-18 | Microsoft Corporation | Operating system performance |
| EP1892625B1 (en) * | 2006-08-09 | 2018-07-11 | Red Bend Software | Finer grained operating system scheduling |
| WO2008096891A1 (en) * | 2007-02-09 | 2008-08-14 | Ntt Docomo, Inc. | Terminal device and software inspecting method |
| US20090158299A1 (en) * | 2007-10-31 | 2009-06-18 | Carter Ernst B | System for and method of uniform synchronization between multiple kernels running on single computer systems with multiple CPUs installed |
| JP5676845B2 (en) * | 2008-11-06 | 2015-02-25 | イグジット−キューブ,インク. | Computer system, kernel scheduling system, resource allocation method, and process execution sharing method |
| KR101122962B1 (en) * | 2010-08-04 | 2012-03-16 | 삼성에스디에스 주식회사 | User terminal device and switching multi virtual machines thereof |
| US8898672B2 (en) * | 2011-09-14 | 2014-11-25 | Alcatel Lucent | Method and apparatus for providing isolated virtual space |
| US9098726B2 (en) | 2012-04-24 | 2015-08-04 | Samsung Electronics Co., Ltd. | Scalable and secure application resource management and access control for multicore operating systems |
-
2013
- 2013-07-18 KR KR1020130084601A patent/KR101535792B1/en active IP Right Grant
-
2014
- 2014-07-04 EP EP14175759.1A patent/EP2827246A1/en not_active Withdrawn
- 2014-07-07 JP JP2014140016A patent/JP5976046B2/en active Active
- 2014-07-18 US US14/335,798 patent/US9684525B2/en active Active
- 2014-07-18 CN CN201410342507.5A patent/CN104298519B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030009685A1 (en) * | 2001-06-29 | 2003-01-09 | Tse-Huong Choo | System and method for file system mandatory access control |
| US7509639B2 (en) * | 2003-03-04 | 2009-03-24 | Secure64 Software Corp. | Customized execution environment |
| US20080104695A1 (en) * | 2004-12-09 | 2008-05-01 | Jean-Philippe Fassino | Device and Method for Controlling Access, Core with Components Comprising Same and Use Thereof |
| CN102567176A (en) * | 2010-12-16 | 2012-07-11 | 微软公司 | Kernel awareness of physical environment |
Also Published As
| Publication number | Publication date |
|---|---|
| JP2015022763A (en) | 2015-02-02 |
| US9684525B2 (en) | 2017-06-20 |
| JP5976046B2 (en) | 2016-08-23 |
| KR101535792B1 (en) | 2015-07-10 |
| US20150026447A1 (en) | 2015-01-22 |
| EP2827246A1 (en) | 2015-01-21 |
| CN104298519B (en) | 2018-04-24 |
| KR20150010095A (en) | 2015-01-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109062833B (en) | Computing system operating method, computing system, vehicle and computer readable medium | |
| CN102077188B (en) | Direct memory access filter for virtualized operating systems | |
| EP2202643B1 (en) | Methods and apparatus for providing user level DMA and memory access management | |
| CN103577345A (en) | Methods and structure for improved flexibility in shared storage caching by multiple systems | |
| US20120159116A1 (en) | Apparatus for processing remote page fault and method thereof | |
| US20230196502A1 (en) | Dynamic kernel memory space allocation | |
| US20100235598A1 (en) | Using Domains for Physical Address Management in a Multiprocessor System | |
| KR101323858B1 (en) | Apparatus and method for controlling memory access in virtualized system | |
| JP2004220608A (en) | Dynamic allocation of computer resource based on thread type | |
| CN104881596A (en) | Modifying memory permissions in a secure processing environment | |
| CN104866762A (en) | Safety hypervisor function | |
| CN109977037B (en) | DMA data transmission method and system | |
| CN113434453A (en) | System on chip and operation method thereof | |
| CN104298519A (en) | Apparatus for configuring operating system and method therefor | |
| JP2015022756A (en) | Resource allocation method and resource allocation system | |
| CN111427669A (en) | Method, apparatus, medium, and system for managing virtual machines on computer device | |
| CN103049328A (en) | Distribution method of internal memory resources in computer system | |
| CN101464841A (en) | Method and system for implementing write protection of block memory stack | |
| US7793051B1 (en) | Global shared memory subsystem | |
| US20200201691A1 (en) | Enhanced message control banks | |
| US11494092B2 (en) | Address space access control | |
| CN116028455A (en) | Data processing method and device, storage medium and electronic equipment | |
| CN114518962A (en) | Memory management method and device | |
| JP5104501B2 (en) | Virtual machine system, host computer, virtual machine construction method and program | |
| CN105718211A (en) | Information processing apparatus and information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |